Web Application & Services Security


Symosis application security assessments address today’s complex web applications, web services, and desktop products to identify exploitable, inherent, and potential security threats that place your business at risk. Web-enabled services are a serious challenge to security and are the largest external attack surface of critical assets. Exploitation by a hacker or malicious third party can result in the loss of confidential data, financial loss, and extensive damage to the organization’s reputation and image.

Security Assessments & Penetration Testing

Symosis security assessment and/or penetration testing begins with understanding your expected use cases and creating detailed test plans. Our testing methodologies combine in-depth expert manual analysis with broad coverage using automated tools. The reviews are performed from the perspective of an unauthenticated, uninformed adversary, known as a “Black Box” approach, and expand to include “Grey Box” and “White Box” reviews performed hand-in-hand with your developers; they can extend to cover security reviews of your source code. The approach is defined as your risk needs dictate and the complexity of your application demands. The application is manually crawled to ensure all functions are fully defined and the calls are captured so that the behavior can be analyzed. The review examines data validation, session management, error handling, application logic and dataflow to determine if calls within the application to secondary and support functions can be ‘spoofed’ and exploited. Our consultants work with your development team to ensure resolution of the security exposures.

The exercise provides the following benefits:

  • Identify high risk vulnerabilities
  • Assess business and operational impact of an attack
  • Remediate security holes before an adversary finds them
  • Raise security awareness
  • Meet PCI DSS, HIPAA and other compliance requirements

Architecture Review & Threat Modeling

Security architecture review and threat modeling can take place before development, or at the point when application penetration testing begins. The process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

The exercise provides the following benefits:

  • Validate security-related design features
  • Identify and fix potential vulnerabilities before they can be exploited
  • Integrate a security review into your architecture design process
  • Reduce overall cost of building secure software

Security Code Review

Security code review provides insight into the “real risk” associated with insecure code. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. Symosis combines automated and manual code analysis techniques in a multi-step process of familiarization, prioritization and analysis to understand the context and make a relevant risk estimate that accounts for both the likelihood of attack and the business impact of a breach.

  • Identify and remediate code level vulnerabilities
  • Conduct security due diligence of key applications and 3rd party software
  • Meet regulatory requirements (PCI DSS 1.2, clause 6.3.7)
  • Educate developers on secure coding best practices
  • Enforce security as a development priority